def encryptParams(userdata):
    """Wrap *userdata* in the fixed parameter string and CBC-encrypt it.

    ``;`` and ``=`` in *userdata* are percent-encoded first, so the caller
    cannot introduce extra ``key=value`` fields into the plaintext. The
    string is then PKCS#7-padded to 16-byte blocks and encrypted with the
    ``key`` and ``iv`` defined outside this function.

    NOTE(review): the escaping constrains the plaintext only. Nothing here
    authenticates the ciphertext, so whoever decrypts it cannot tell whether
    it was altered after this function returned; that needs a MAC over the
    ciphertext or an AEAD mode.
    """
    escaped = userdata.replace(';', '%3B')
    escaped = escaped.replace('=', '%3D')
    prefix = b'comment1=cooking%20MCs;userdata='
    suffix = b';comment2=%20like%20a%20pound%20of%20bacon'
    # encode('ascii') raises UnicodeEncodeError for non-ASCII input.
    plaintext = b''.join((prefix, escaped.encode('ascii'), suffix))
    cbc = challenge10.CBC(AES.new(key, AES.MODE_ECB), iv)
    padded = util.padPKCS7(plaintext, 16)
    return cbc.encrypt(padded)
def decryptParamsAndCheckAdmin(encryptedParams):
    """Decrypt *encryptedParams* and report whether it contains the admin flag.

    Returns True when the unpadded plaintext contains ``b';admin=true;'``.
    Raises ValueError, carrying the whole decrypted plaintext as its
    argument, when any plaintext byte is greater than 127.

    NOTE(review): ``key`` is passed as the second argument of
    ``challenge10.CBC``, which appears to be the IV slot, so the secret key
    doubles as the IV. An IV should be a fresh random value per message and
    never secret key material.
    NOTE(review): the ValueError returns decrypted bytes to whoever supplied
    the ciphertext. With the key used as IV, that plaintext is derived from
    key material; report a generic error and keep the plaintext out of
    exceptions and logs.
    """
    block_cipher = AES.new(key, AES.MODE_ECB)
    cbc = challenge10.CBC(block_cipher, key)
    plaintext = challenge15.unpadPKCS7(cbc.decrypt(encryptedParams))
    # Reject anything that is not 7-bit ASCII.
    for byte in plaintext:
        if byte > 127:
            raise ValueError(plaintext)
    return b';admin=true;' in plaintext
def padding_oracle(iv, s):
    """Return True if *s*, decrypted under *iv*, carries valid PKCS#7 padding.

    The ciphertext is decrypted with the ``key`` defined outside this
    function; a ValueError from ``challenge15.unpadPKCS7`` is reported as
    False, anything else as True. The plaintext itself is discarded.

    NOTE(review): a service that lets callers observe this valid/invalid
    distinction for ciphertexts they supply has a padding-oracle weakness.
    The usual mitigation is to authenticate the ciphertext (encrypt-then-MAC
    or an AEAD mode) and reject failures before any padding check runs, with
    a single indistinguishable error.
    """
    cbc = challenge10.CBC(AES.new(key, AES.MODE_ECB), iv)
    decrypted = cbc.decrypt(s)
    try:
        challenge15.unpadPKCS7(decrypted)
    except ValueError:
        return False
    else:
        return True
def encryption_oracle(s):
    """Encrypt *s* under a fresh random key, using ECB or CBC chosen at random.

    A 16-byte key is drawn per call. With probability 1/2 the data is
    encrypted in ECB, otherwise in CBC with a random 16-byte IV; the chosen
    mode is printed. Before encryption, 5-10 random bytes are added on each
    side of *s* and the result is PKCS#7-padded to 16-byte blocks.

    NOTE(review): the key and IV are local and not returned, so the output
    cannot be decrypted by the caller. The ``random`` module used for the
    mode choice and the affix lengths is not a cryptographic RNG; what
    ``util.randbytes`` draws from is not visible here -- confirm it uses a
    CSPRNG before reusing it for real keys.
    """
    key = util.randbytes(16)
    cipher = AES.new(key, AES.MODE_ECB)
    use_ecb = random.randint(0, 1) == 0
    if use_ecb:
        print('Encrypting with ECB')
    else:
        print('Encrypting with CBC')
        init_vector = util.randbytes(16)
        cipher = challenge10.CBC(cipher, init_vector)
    # Draw the leading affix before the trailing one, as the original does.
    head = util.randbytes(random.randint(5, 10))
    tail = util.randbytes(random.randint(5, 10))
    padded = util.padPKCS7(head + s + tail, 16)
    return cipher.encrypt(padded)
def decryptParamsAndCheckAdmin(encryptedParams):
    """Decrypt *encryptedParams* and report whether it contains the admin flag.

    Decrypts with the ``key`` and ``iv`` defined outside this function,
    strips PKCS#7 padding, and returns True when the plaintext contains
    ``b';admin=true;'``. Exceptions from ``challenge15.unpadPKCS7`` are not
    caught here.

    NOTE(review): the authorization decision is made on ciphertext that is
    never authenticated. CBC on its own gives confidentiality, not
    integrity, so the ciphertext should be verified with a MAC (or replaced
    by an AEAD mode) before its contents are trusted.
    """
    cbc = challenge10.CBC(AES.new(key, AES.MODE_ECB), iv)
    plaintext = challenge15.unpadPKCS7(cbc.decrypt(encryptedParams))
    return b';admin=true;' in plaintext
def ciphertext_oracle():
    """Encrypt one randomly chosen message and return ``(iv, ciphertext)``.

    A base64 entry is picked from ``strings`` with ``random.choice``,
    decoded, PKCS#7-padded to 16-byte blocks, and encrypted under the
    ``key`` defined outside this function with a fresh 16-byte IV.

    NOTE(review): the ciphertext carries no authentication tag, so a
    consumer has no way to detect modification of the IV or the ciphertext.
    """
    encoded = random.choice(strings)
    message = base64.b64decode(encoded)
    iv = util.randbytes(16)
    cbc = challenge10.CBC(AES.new(key, AES.MODE_ECB), iv)
    ciphertext = cbc.encrypt(util.padPKCS7(message, 16))
    return (iv, ciphertext)